Man hacks Tesla firmware, finds new model, has car remotely downgraded

239 points | antman | 10 years ago | arstechnica.com

94 comments

[+] zyxley|10 years ago|reply
"They punished him by remotely downgrading his firmware" is a frankly absurd claim... and incorrect, too.

The guy's own post [1] said it was "pending" (e.g. downloaded and ready for an automatic update), not installed. Given that someone else in the same thread notes that the update when installed on their car didn't actually fix the important charging bug it was supposed to, it's much more likely that it was "somebody in engineering decided to cancel a bad update" than his paranoid claims.

[1]: http://www.teslamotorsclub.com/showthread.php/63905-Tesla-s-...

[+] maratd|10 years ago|reply
> The guy's own post [1] said it was "pending" (e.g. downloaded and ready for an automatic update), not installed.

This is correct. It was an attempted downgrade. He stopped it.

> it's much more likely that it was "somebody in engineering decided to cancel a bad update" than his paranoid claims.

This is unlikely. He wasn't being downgraded to the version prior to the current one. He was being downgraded to a much older version that did not contain any of the secret info. And nobody else was experiencing the downgrade. If there is a critical flaw that requires a rollback, you do it for everyone and it's big news. He also made it clear that he found a ton of other stuff and was not disclosing that (yet).

It looks like somebody at Tesla pushed code to production that shouldn't have been pushed since it isn't relevant to any production vehicles. Once the leak happened, there was a bit of a panic and to stop any more leaks, they tried to downgrade ... which was silly, because if you know how to root the car, you probably know how to make a backup and stop remote access.

[+] Apocryphon|10 years ago|reply
So a rogue corporate exec ordered an unauthorized op against a ronin hacker who Robin Hood'ed the underhood of his electric car.

We are living in cyberpunk times.

[+] stcredzero|10 years ago|reply
> So a rogue corporate exec ordered an unauthorized op against a ronin hacker who Robin Hood'ed the underhood of his electric car.
>
> We are living in cyberpunk times.

I remember when cyberpunk was fresh and new, before it was a codified collection of cliches. Mind you, this was also a time when an author could write, "His buyer for the three megabytes of hot RAM in the Hitachi wasn't taking calls," and think this sounded futuristic and criminally lucrative.

[+] tjohns|10 years ago|reply
Or perhaps the car detected its firmware had been tampered with, and auto-reverted to a backup image.

Not enough evidence to say for sure, so Occam's razor applies.

[+] seiji|10 years ago|reply
If Tesla employees can address individual cars with no oversight or audit trail or "2+ man rule" in place, that's a huge lapse of professional responsibility.

We need something like Certificate Transparency to log ACL hits for all these "connected, but proprietary" things in our lives.

Do we have any guarantees a rogue Tesla employee can't just tell your car to drive off a bridge while you're inside it?

[+] duaneb|10 years ago|reply
It's all in framing. "person in control of software pushed an update to said software" would be just as accurate without sensationalization.
[+] profeta|10 years ago|reply
A car company founded by a guy that created a bank in cyberspace shows that he has the power to push software to your car at will, though this time he chose not to, but does not care when his underlings do the same.
[+] SocksCanClose|10 years ago|reply
Great article, and the best is Musk's response. Just one more example of how, à la Allison and Zelikow's "Essence of Decision," so much of what happens in industrial organizations ("industrial" in the philosophical sense -- meaning organizations with hierarchies, divisions, etc.) is motivated not by the overall interest of the organization (cf. Musk's response), but rather by the more parochial needs of the individual managers. Which is to say someone within the Tesla organization, fearful of an error they made, sought to retaliate against the guy -- even though the retaliation was unauthorized, and even counterproductive. An amazing use case for how Twitter, when optimally utilized as a total free-speech zone, can really help move the world forward, as things like this enable information to percolate directly to the top without winding its way through the "mittelebureaucracy."
[+] Theodores|10 years ago|reply
What would you do if your latest commits went live and they indeed did have new things in there, e.g. attribute values?

You might just roll the whole thing back a release, in the first instance to 'update' the hacker to a 'safe' version. If there were a need to roll everyone back then some type of patched new version would need to be released, or, if speed really mattered, just remote downgrade everyone to something safe. The major version numbers might not be the safe releases; the last release from a previous major version might be safer. Hence back to v.12.x.y for him. No malice need be involved, just prudent reaction.

[+] fosco|10 years ago|reply
I do not understand the "Good Hacking is a gift" remark.

I would love if Tesla's were open for hacking but a previous article [0] pointed out that there appears to be a strong stance [1] against this.

Disclosure: I am a huge fan of the Tesla brand, just cautiously optimistic.

[0] https://news.ycombinator.com/item?id=11233898

[1] https://news.ycombinator.com/item?id=11234465

[+] maratd|10 years ago|reply
Elon Musk != Tesla

Or at the very least, Elon Musk is the voice of Tesla, but there are many other people who work there. You judge a company by their actions, not their words. I'm a huge fan of what they're doing, but not necessarily how they're doing it.

The cars are absolutely awesome.

Unfortunately, they only provide service manuals in Massachusetts (where they are required to by law) and charge $100 per day to view them. Do not sell parts to the public. Ports in the car (obd/ethernet/etc.) are disabled by default. API is undocumented/proprietary. No access to OS. No access to diagnostic information.

Very similar to how Apple does things.

[+] condescendence|10 years ago|reply
Elon Musk is someone who takes personal offense to criticism of his company/products. If a hack is to show off an awesome new car, which is the case here, I doubt he would have any issues with it.

On the other hand, if some guy found a major security flaw and posted it all over the internet I bet the car would be remotely driven into a brick wall at 100mph+ with the driver inside.

http://www.huffingtonpost.com/2013/06/24/michael-hastings-ca...

[+] grav|10 years ago|reply
How did someone manage to find the image from the SHA hash?
[+] evmar|10 years ago|reply
I just made a lucky guess from the keywords in the article:

    $ echo -n 'P100D' | sha256sum 
    5fc38436ec295b0049f186651ebba5fd55e8d7b81eb61cbd00d3f1bf18dd9c81
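
What evmar describes is a dictionary guess against an unsalted SHA-256: hash each plausible keyword from the article and compare it to the published digest. As an added example (not code from this thread, from Tesla, or from the forum post), here is the same idea in Python with a constructed keyword list, plus the defender's half of the lesson: the identical guess fails once the token is mixed with a secret key via HMAC, which is why hashing a short, predictable identifier hides nothing. The SHA-256 of "P100D" is computed inside the script rather than copied from the comment above, and the key is a constructed placeholder.

```python
import hashlib
import hmac

# Constructed candidate list: the kind of short tokens a news article about a
# car model would contain. A real search would harvest these from the text.
KEYWORDS = ["Model S", "Model X", "P90D", "P100D", "Ludicrous", "Tesla"]


def sha256_hex(token: str) -> str:
    """SHA-256 of the token without a trailing newline, like `echo -n ... | sha256sum`."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def candidate_variants(keywords):
    """Yield each keyword and a few cheap variants (case, spacing) a guesser would try."""
    seen = set()
    for kw in keywords:
        for variant in (kw, kw.lower(), kw.upper(), kw.replace(" ", ""), kw.replace(" ", "_")):
            if variant not in seen:
                seen.add(variant)
                yield variant


def find_preimage(target_hex: str, keywords):
    """Return the candidate whose SHA-256 equals target_hex, or None if no guess matches."""
    target_hex = target_hex.lower()
    for cand in candidate_variants(keywords):
        if sha256_hex(cand) == target_hex:
            return cand
    return None


def keyed_tag(token: str, key: bytes) -> str:
    """HMAC-SHA256 of the token under a secret key: the same guess list no longer helps."""
    return hmac.new(key, token.encode("utf-8"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    # Unkeyed hash of a guessable token: recovered from a handful of candidates.
    target = sha256_hex("P100D")
    print("plain sha256 ->", find_preimage(target, KEYWORDS))
    # Keyed tag of the same token (constructed placeholder key): the guess fails.
    tagged = keyed_tag("P100D", b"constructed-placeholder-key")
    print("hmac-sha256  ->", find_preimage(tagged, KEYWORDS))
```

The search is linear in the candidate list, so the cost of this recovery is set entirely by how many plausible tokens exist, not by the strength of SHA-256; the keyed variant moves the attacker's problem from guessing the token to obtaining the key.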
[+] sabujp|10 years ago|reply
Do you own your car? Just the metal, but not the software that's required to actually make it do anything useful.
[+] Overtonwindow|10 years ago|reply
"Root the car", man, what an amazing time we live in.
[+] PhasmaFelis|10 years ago|reply
I don't see any evidence that this guy's car was targeted specifically. From the info in the article, a much more likely scenario is that they accidentally pushed an update with private data to all cars, realized their mistake after the tweet was posted, then rolled back the update on all cars, so they could fix it before rolling it out again. That's exactly what you'd expect them to do and not sinister in the least.

I haven't read the 48-page forum discussion linked in the article, so there may be more info there, but at the very least the article writer hasn't adequately backed up his claims.

[+] betenoire|10 years ago|reply
Makes sense to me. Guy messes around with highly proprietary computer system, computer system does something weird. I also didn't read the forum, but nothing in the article suggests anything retaliatory. Or maybe the computer noticed something weird, and reverted to a known stable configuration.
[+] PhasmaFelis|10 years ago|reply
I seriously have no idea why this is getting downvoted. Anyone?
[+] marincounty|10 years ago|reply
$100 a day to view basic service manuals? I will never buy a Tesla; even if one day I can afford one.

I can't believe you wealthy boys are putting up with this.

Do you guys really want to be sitting on the side of a road clueless over your toy? I don't expect you boys to pull out the DVOM, and Snap-on tools, but a little knowledge of why it broke down?

Isn't it kinda the American way to at least know what the underlying problem is? Or, have we been conditioned into being good obedient victims?

Personally, I feel emasculated if I need to ring a ding ding AAA? Especially, if the problem is minor. Will never know if we aren't able to read up on the toy?

[+] ocdtrekkie|10 years ago|reply
If you can afford a Tesla, you can probably buy a new one before the warranty wears out. And you probably/definitely have roadside service.